Some Mail Spam Observations

My server hosts several mail domains (including my own one – vdachev.net) and is also a secondary mail exchanger for others. In an effort to reduce the spam traffic sent to and passing through my server, I strengthened the anti-spam policy of my servers. I’ve also moved many mail domains to Google Apps, as it turned out to be a great solution and deals pretty well with spam.
There were a few things that I paid attention to:

Spammers predominantly use secondary mail exchangers. Quite a clever decision – secondary mail exchangers often have no way to check whether a mailbox exists, so they accept the e-mail for delivery. They usually don’t do spam filtering either, as that is often a local delivery task and therefore not their job. What I mean is that spam is more likely to be accepted by a secondary mail exchanger. Even if the message later gets bounced by the primary mail exchanger, that is of no importance to the spammer;

In my setup I had disabled DNS blacklist checks in Postfix because SpamAssassin did them. However, my SpamAssassin only marks unsolicited e-mails as spam and lets them pass through. So blacklisted senders were able to send spam to the domains I relay for instead of being sent a “554 Transaction failed.” error code. That’s why I added DNS blacklist checks in Postfix itself (a main.cf snippet below);
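The author's main.cf snippet is not preserved on this page. What follows is an added example of my own, not the author's configuration, showing the two Postfix settings that address the points above: rejecting DNS-blacklisted clients during the SMTP dialogue via reject_rbl_client in smtpd_recipient_restrictions, and giving a secondary MX a list of valid recipients (relay_recipient_maps) so it can refuse mail for non-existent mailboxes instead of accepting it and bouncing it later. The domain names, the 192.0.2.0/24 network and the file paths are placeholders; zen.spamhaus.org is a real public DNSBL zone, used here only as the conventional example.

```conf
# Added example for /etc/postfix/main.cf; not the author's own snippet.
# Placeholders: example.org, example.net, 192.0.2.0/24, /etc/postfix/relay_recipients.

# Hosts allowed to relay without further checks.
mynetworks = 127.0.0.0/8, 192.0.2.0/24

# Domains this host acts as a secondary MX for.
relay_domains = example.org, example.net

# Valid mailboxes in the relay domains, one "user@example.org" per line,
# compiled with "postmap /etc/postfix/relay_recipients". With this map in
# place Postfix answers "550 User unknown in relay recipient table" at RCPT
# time instead of accepting mail for unknown users and generating backscatter.
relay_recipient_maps = hash:/etc/postfix/relay_recipients

# Order matters: reject_unauth_destination comes before the DNSBL lookup, so
# the blacklist is only queried for mail this host would actually accept.
# reject_rbl_client answers listed clients with "554 5.7.1 Service unavailable".
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    reject_rbl_client zen.spamhaus.org,
    permit
```

The recipient map is only useful if it is kept in sync with the primary MX's user list; an out-of-date map turns into a denial of service for newly created mailboxes, so generate it from the primary's account database rather than maintaining it by hand. After editing main.cf, `postfix reload` applies the change and `postconf -n` shows the effective non-default settings.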

A few weeks after moving a domain to Google Apps and changing the MX records accordingly, I still received spam relayed through my servers for this domain. I intentionally hadn’t removed the domain from the list of domains I relay for, because I didn’t want mail to be lost because of unexpired DNS entries. It seems spammers are aware of such techniques and keep old MX records. Fine! I removed the obsolete domains from my relay list…

… but the last point presupposes there are systems that keep sending spam for a very long period of time (a few weeks!). If they are hacked, what the f*ck do their administrators get paid for?! If not, it’s intentional… and their ISPs obviously support spam. I suppose it’s the latter, and that’s why wide ranges are blacklisted. Hah! And that’s why my mail queue has almost no requests in it after the change in Postfix.
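The decision described above (which relayed domains still attract traffic weeks after their MX moved, and how much of it the new Postfix checks now reject) is easier to make from the mail log than from the queue. The script below is an added example, not the author's tooling: it parses Postfix smtpd reject lines and smtp delivery lines, counts per recipient domain how many messages were blocked by the DNSBL, refused as unknown users, or actually relayed, and lists the distinct clients that hit each domain. The log lines are constructed samples in Postfix's syslog format, the domain names are placeholders, and the regular expressions assume the default Postfix log wording.

```python
import re
from collections import defaultdict

# Constructed sample log lines (not from a real server), in Postfix's syslog format.
SAMPLE_LOG = """\
Jan 10 12:00:01 mx2 postfix/smtpd[1234]: NOQUEUE: reject: RCPT from unknown[192.0.2.5]: 554 5.7.1 Service unavailable; Client host [192.0.2.5] blocked using zen.spamhaus.org; from=<buyer@spam.example> to=<user@moved.example> proto=ESMTP helo=<x>
Jan 10 12:00:07 mx2 postfix/smtpd[1234]: NOQUEUE: reject: RCPT from unknown[192.0.2.6]: 550 5.1.1 <nobody@moved.example>: Recipient address rejected: User unknown in relay recipient table; from=<buyer@spam.example> to=<nobody@moved.example> proto=ESMTP helo=<y>
Jan 10 12:00:10 mx2 postfix/smtp[1300]: 3F2A1C0012: to=<alice@kept.example>, relay=mx.kept.example[203.0.113.9]:25, delay=0.5, delays=0.1/0/0.2/0.2, dsn=2.0.0, status=sent (250 OK)
Jan 10 12:00:12 mx2 postfix/smtpd[1234]: NOQUEUE: reject: RCPT from unknown[192.0.2.7]: 554 5.7.1 Service unavailable; Client host [192.0.2.7] blocked using zen.spamhaus.org; from=<offer@spam.example> to=<bob@moved.example> proto=ESMTP helo=<z>
Jan 10 12:00:15 mx2 postfix/smtp[1300]: 3F2A1C0013: to=<carol@moved.example>, relay=mx.moved.example[203.0.113.10]:25, delay=0.4, delays=0.1/0/0.1/0.2, dsn=2.0.0, status=sent (250 OK)
Jan 10 12:00:20 mx2 postfix/qmgr[1100]: 3F2A1C0013: removed
"""

# smtpd rejection at RCPT time: captures the client, the SMTP code and the recipient.
REJECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from (?P<client>\S+): "
    r"(?P<code>\d{3}) .*? to=<(?P<to>[^>]+)>"
)
# smtp client delivery to the next hop (the primary MX for a relay domain).
SENT_RE = re.compile(
    r"postfix/smtp\[\d+\]: \w+: to=<(?P<to>[^>]+)>, relay=(?P<relay>\S+), .*status=sent"
)


def recipient_domain(address):
    """Return the lower-cased domain part of an address."""
    return address.rsplit("@", 1)[-1].lower()


def summarize(log_text):
    """Count DNSBL rejects, unknown-user rejects and relayed messages per recipient domain."""
    stats = defaultdict(lambda: {"rbl_rejected": 0, "unknown_user": 0, "relayed": 0, "clients": set()})
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if m:
            entry = stats[recipient_domain(m.group("to"))]
            if "blocked using" in line:          # reject_rbl_client response
                entry["rbl_rejected"] += 1
            elif "User unknown" in line:         # relay_recipient_maps response
                entry["unknown_user"] += 1
            entry["clients"].add(m.group("client"))
            continue
        m = SENT_RE.search(line)
        if m:
            stats[recipient_domain(m.group("to"))]["relayed"] += 1
    return dict(stats)


def still_targeted(stats, moved_domains):
    """Domains already moved elsewhere that this host still sees traffic for.

    Any event (rejected or relayed) means someone still uses the stale MX record,
    which is the signal to drop the domain from relay_domains once DNS has settled."""
    return sorted(
        d for d in moved_domains
        if d in stats and any(stats[d][k] for k in ("rbl_rejected", "unknown_user", "relayed"))
    )


if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    for domain, entry in sorted(summary.items()):
        print(f"{domain}: rbl={entry['rbl_rejected']} unknown={entry['unknown_user']} "
              f"relayed={entry['relayed']} clients={len(entry['clients'])}")
    print("moved domains still receiving mail:", still_targeted(summary, ["moved.example"]))
```

Run it against `/var/log/mail.log` (or `journalctl -u postfix`) instead of the embedded sample; a domain whose only events are DNSBL rejects is exactly the "spammers keep old MX records" case, while relayed messages for a moved domain mean some legitimate sender still has the stale MX cached and the domain should stay in relay_domains a little longer.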